Ransomware Group: INCRANSOM

VICTIM NAME: Dollar Tree

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

This report pertains to a recent security incident involving Dollar Tree, a major retail chain operating over 16,700 stores across North America under various brand names including Dollar Tree, Family Dollar, and Dollar Tree Canada. The breach was discovered on July 30, 2025, at approximately 9:56 AM. The incident resulted in the exposure of a significant amount of sensitive data, approximately 1.2 terabytes, which the threat actors have indicated will be published soon on their blog. This leak includes personal and proprietary information related to the company’s operations, intellectual property, and potentially customer data. Such a breach poses serious risks to data privacy and operational security for the organization and its stakeholders.

The leak page features a visual screenshot of potential internal data security issues, including various documents and interface displays, emphasizing the extent of the compromised information. The threat actors have identified themselves as part of an ‘incransom’ group, highlighting the malicious intent behind this attack. Notably, Dollar Tree has expanded its market presence recently through a series of acquisitions, including leases and intellectual property of other retail chains, which may have been exploited during this incident. The breach underscores the vulnerability of large retail corporations to cyberattacks, especially considering the volume of data handled and stored across multiple locations and systems. Customers, employees, and partners should remain vigilant for further updates and potential data misuse.